Abstract

We consider a game in which a strategic defender classifies an intruder 
as spy or spammer. The classification is based on the number of file server 
and mail server attacks observed during a fixed window. The spammer 
naively attacks (with a known distribution) his main target: the mail 
server. The spy strategically selects the number of attacks on his main 
target: the file server. The defender strategically selects his classification 
policy: a threshold on the number of file server attacks. We model the 
interaction of the two players (spy and defender) as a nonzero-sum game: 
The defender needs to balance missed detections and false alarms in his 
objective function, while the spy has a tradeoff between attacking the 
file server more aggressively and increasing the chances of getting caught. 
We give a characterization of the Nash equilibria in mixed strategies, 
and demonstrate how the Nash equilibria can be computed in polynomial 
time. Our characterization gives interesting and non-intuitive insights on 
the players' strategies at equilibrium: The defender uniformly randomizes 
between a set of thresholds that includes very large values. The strategy of 
the spy is a truncated version of the spammer's distribution. We present 
numerical simulations that validate and illustrate our theoretical results. 



1 Introduction 

Cybersecurity is important to businesses and individuals. According to a recent 
study conducted by Symantec pQ, the number of cyber attacks and threats has 
increased during 2011, resulting in lost productivity, reduced revenue, and bad 
reputation for the associated businesses. Different kinds of attacks (e.g., internal 
unintentional actions and external malicious ones) should be treated differently 
and organizations need the security intelligence to respond to all threats rapidly. 
Since only less than half of organizations are currently pursuing security issues,
there is still room for improvement. Our work contributes to the understanding 
of the interaction between network operators and potential attackers. 

In almost every network security situation, the administrator of a network 
(defender) has limited resources in energy and time. The defender needs to 
distinguish between different types of attackers (spy or spammer) and decide 
whether to take actions or not. For example, an attack on a mail server by 
a spammer (causing at most network congestion) should be treated differently 
than an attack on a file server (possibly involving identity theft). Therefore, the 
defender should employ various statistical tests, based on the observed number 
of file and mail server attacks and decide upon the true type of the attacker. 
Knowing that a defender is trying to classify attackers, the strategic spy is likely 
to change the way he attacks in order to make it more difficult to be classified 
as a spy. In this work, we analyze a simple model of such a classification game 
and extract key insights. 

There exists a growing body of works on the topic of intrusion detection. In a 
series of papers [HOH], Alpcan and Başar present a game-theoretic analysis of a
security game between an attacker and an intrusion detection system in different 
scenarios, both in finite and continuous-kernel versions. Our game-theoretic 
framework focuses on attacker classification, rather than intrusion detection. In 
the presence of a non-strategic player who is represented with a fixed and known 
probability distribution, the defender's task of distinguishing the true type of 
the attacker becomes more challenging. It is also interesting to see how the 
nonstrategic spammer influences the spy's strategy. 

In [5], Patcha and Park model the interaction between a node who might 
be regular or dangerous and a defender who has some prior probability for the 
existence of each type in an ad hoc network. They consider a signaling and 
dynamic game with multiple stages and the players update their beliefs and 
distributions based on Bayes' rule. On the contrary, our work considers a
one-stage game with a fixed duration and we compute the Nash equilibria in mixed
strategies.

Chen and Leneutre [5] address the intrusion detection problem in heterogeneous
networks consisting of nodes with different non-correlated security assets,
in the same way that the file and mail servers are of different importance in 
our work. They consider a static game with full information and limited attack 
and monitoring resources. We do not consider such limitations and we assume 
asymmetric information, since the defender is not aware of the attacker's type. 

Bao, Kreidl, and Musacchio [7] also consider an intruder classification game,
in which the sequence of attacks is taken into account. While their model has 
many similarities with ours, we focus on less complex (but still realistic) payoff 
functions that allow us to go one step further than simulations and analyze the 
structure of the Nash equilibria. 

Gueye, Walrand, and Anantharam [5J [5] have investigated the structure of 
the Nash equilibria in a network topology game where two adversaries select 
which links to attack and defend. They consider a special case of nonzero-sum 
games, in which the different term in the players' payoffs is controlled only by
the one player. In these games, one player optimizes his payoff against the other
who has optimized his payoff as well. Such games are easier to analyze than 
general nonzero-sum games, and they give interesting insights on the strategies 
of the two players. Our work is using a similar payoff formulation in a different 
setting: the defender selects a threshold on file server attacks (not a set of links 
to defend) and there are two different types of attackers. 

To the best of our knowledge, [TU] is the most relevant work to ours. The 
authors address the problem of classifying a malicious intruder in the presence 
of an innocent user. The malicious intruder can perturb his behavior to confuse 
the classifier and evade detection. But, their work focuses only on one iteration 
of the game and how each player can once adjust his strategy to optimize his 
expected payoff, given the optimal strategy of the other player. On the contrary, 
we provide an algorithm to find the Nash equilibria of the game. 

In summary, our contributions are the following. We propose a game-theoretic
model to analyze the interactions between two adversaries: a classifier
(defender) and a malicious attacker when a nonstrategic spammer is present. 
We compute the Nash equilibria in polynomial time. We perform numerical 
experiments that validate the theoretical computation and give non-intuitive 
insights on the players' strategies. 

The rest of the paper is organized as follows. Section [2] describes the game 
model and underlying assumptions. Section [3] explains how to reduce the
complexity of the game and compute the Nash equilibria in polynomial time.
Section [4] presents the performance evaluation through numerical experiments and
Section [5] concludes the paper.

2 Game Model 

The game model is as follows. A network consists of a defender and two servers 
that are monitored for potential attacks: a File Server (FS) with sensitive data 
and a Mail Server (MS) with contents of inferior importance. We assume a 
constant classification window of N time slots (discrete time), during which 
the defender observes the number of hits on the FS / MS coming from a single 
attacker. Nature decides the type of the attacker in the network: spy or spammer 
with probabilities $p$ and $1 - p$ respectively.

The defender is a strategic player and seeks to correctly classify the potential 
intruder. He selects a threshold T. If he observes T or more hits on the FS, he 
classifies the attacker as a spy; otherwise as a spammer. The spy's goal is to 
attack the FS as frequently as possible while evading detection. He is a strategic 
player and selects the number of FS attacks H to launch. 

The spammer is a non-strategic player with a tendency to attack the MS more
often, to congest the network or annoy the defender. He attacks the FS in
$Z$ time slots with a known and fixed distribution. For instance, he can be
modeled to have a Bernoulli distribution at each time slot with a small
per-period probability $\theta_0$ of a hit on the FS.



Notational Conventions: 

We use "min[v]" to denote the minimum element of a vector $v$, and "minimize"
when we minimize a specific expression over some constraints. We use the prime
sign (') for transpose of matrices and vectors. All vectors are assumed to be
column vectors and are denoted by bold lowercase letters (e.g., $\alpha$, $\beta$). For
matrix notation we use capital Greek letters (e.g., $\Lambda$) and the indicator function
is denoted by $1_{cond}$. It is equal to 1 if "cond" holds and is equal to 0 otherwise.
The column vector of ones of length $N$ is denoted by $1_N$ and the matrix of
ones of dimensions $N \times M$ is denoted by $1_{N \times M}$. An overview of the important
parameters is shown in Table 1.

2.1 Spy's cost function 

The spy is detected when $T \le H$, which incurs a cost of $c_d$ to the spy. Each of
the $H$ FS hits gives the spy a benefit of $c_a$. We assume that the spy gains nothing
from attacking the MS. We will work with a cost function for the attacker rather
than a payoff function; thus, his overall cost function can be expressed as follows

$$J_A(T, H) = c_d \cdot 1_{T \le H} - c_a \cdot H.$$

2.2 Defender's reward function 

The defender's expected reward function depends on the true type of the
attacker.

• With probability $p$ the defender faces a spy and classifies him correctly
when $T \le H$. The defender gains $c_d$ for the correct classification of the
spy, but loses $c_a$ per FS hit.

• With probability $1 - p$ the defender faces a spammer, who is incorrectly
classified as spy with probability $\phi(T) = \Pr\{Z \ge T\}$. The expected false
alarm penalty in this case is $c_{fa} \cdot \phi(T)$.

Combining these two scenarios, the defender's expected payoff is

$$U_D(T, H) = p \cdot (c_d \cdot 1_{T \le H} - c_a \cdot H) - (1 - p) \cdot c_{fa} \cdot \phi(T).$$

By scaling the above function, we get

$$U_D(T, H) = c_d \cdot 1_{T \le H} - c_a \cdot H - \mu(T),$$

where $\mu(T) = \frac{1 - p}{p} \cdot c_{fa} \cdot \phi(T)$.

Function $\phi(T)$ is decreasing (since it is a complementary cumulative distribution
function) and we also assume that it is strictly decreasing:
$\Pr\{Z \ge T\} > \Pr\{Z \ge T + 1\}$.



2.3 Players' interactions 



For a fixed observation window $N$ the spy has $N + 1$ available actions (attack
the file server $H \in \{0, \ldots, N\}$ times), whereas the defender has $N + 2$ available
actions (select $T \in \{0, \ldots, N + 1\}$ as the classification threshold). A threshold
of 0 always results in spy classification (any intruder will attack the FS at least
0 times); a threshold of $N + 1$ always results in spammer classification (a spy
cannot attack $N + 1$ times during $N$).

We model our problem as a nonzero-sum game. However, the defender's
payoff is different from the spy's cost function in only one term $\mu(T)$ that
depends only on the defender's strategy ($U_D(T, H) = J_A(T, H) - \mu(T)$). These
games are known as almost zero-sum games or quasi zero-sum games. We are
interested in Nash equilibria in mixed strategies for the following reason. The
spy seeks to select $H$ just below $T$ to evade detection. The defender aims to
select a threshold $T$ equal to the attacker's strategy $H$. Thus the players need
to mix between different strategies to make themselves less predictable. The
spy chooses a distribution $\alpha$ on the available numbers of FS hits; thus $\alpha$ is
a vector of size $N + 1$ with nonnegative elements that sum to 1. Similarly
the defender chooses a distribution $\beta$ on the collection of possible thresholds $T$.
Thus $\beta$ is a vector of size $N + 2$.

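Let $\Lambda$ be a $(N + 1) \times (N + 2)$ matrix representing the spy's strategies' cost.
Since the number of strategies available to each player is not the same, the cost
matrix $\Lambda$ is not square. We express the cost matrix of the attacker as

$$
\Lambda = c_d \cdot
\begin{pmatrix}
1 & 0 & \cdots & 0 & 0 \\
1 & 1 & \ddots & \vdots & \vdots \\
\vdots & & \ddots & 0 & 0 \\
1 & \cdots & 1 & 1 & 0
\end{pmatrix}
- c_a \cdot
\begin{pmatrix}
0 \\ 1 \\ 2 \\ \vdots \\ N - 1 \\ N
\end{pmatrix}
\cdot 1'_{N+2},
$$

with respective elements $\Lambda_1(i, j) = 1_{j \le i}$ and $\Lambda_2(i, j) = i$, where $i \in \{0, \ldots, N\}$
designates the row and $j \in \{0, \ldots, N + 1\}$ the column.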

Each row $i$ of $\Lambda$ corresponds to one of the $N + 1$ possible spy strategies.
For instance, row "0" corresponds to spy attacking the FS 0 times (or $H = 0$),
row "1" corresponds to spy selecting $H = 1$ and so on. Each column of $\Lambda$
corresponds to one of the $N + 2$ possible defender strategies. For instance,
column "0" corresponds to defender selecting $T = 0$ (or always classify as spy).
In this case the spy is always detected and loses $c_d$. The last column "$N + 1$"
corresponds to defender selecting $T = N + 1$. Since it is not possible that
the spy attacks $N + 1$ times during $N$ time slots, if the defender selects this
strategy, the spy is never caught and has zero detection cost. In $\Lambda_2$, every
column $j$ (defender strategy) incurs the same benefit to the spy. No matter
what the decision threshold is, the impact of the spy's attacks is the same.



Table 1: Main Notations

$p$        probability for spy            $\alpha$          spy's mixed strategy
$c_d$      detection cost                 $\beta$           def. mixed strategy
$c_a$      FS attack cost                 $\mu$             false alarm cost vector
$c_{fa}$   false alarm penalty            $\theta(\beta)$   defendability of $\beta$
$H$        spy's strategy (# FS hits)     $\Lambda$         cost matrix of spy
$T$        def. strategy (threshold)      $s$               first tight inequality
$Z$        # of FS hits by spammer        $f$               last tight inequality



Let $\Lambda$ be defined as above, and $\alpha$, $\beta$ be the spy and defender
distributions respectively. The attacker cost can be written as $\alpha' \Lambda \beta$ and the defender
payoff can be written as $\alpha' \Lambda \beta - \mu' \beta$, where $\mu$ is a strictly decreasing vector
(component-wise) with $\mu_i$ the $i$-th component of vector $\mu$. Certain
computations are simplified by using a matrix with only positive entries. We define

$$\tilde{\Lambda} = \Lambda + (N \cdot c_a + \epsilon) \cdot 1_{(N+1) \times (N+2)},$$

where $1_{(N+1) \times (N+2)}$ is a matrix of all ones of dimension $(N + 1) \times (N + 2)$
and $\epsilon > 0$. Since $\alpha$ and $\beta$ must each sum to 1, the expressions $\alpha' \tilde{\Lambda} \beta$ and
$\alpha' \tilde{\Lambda} \beta - \mu' \beta$ are respectively the attacker cost and defender payoff shifted by
a constant. Adding a constant to the players' payoff does not affect their best
responses, thus from here on we will consider these expressions to be the payoff
functions of each player.

3 Game-Theoretic Analysis 

Nash proved in [14] that every finite game (finite number of players with finite
number of actions for each player) has a mixed-strategy Nash equilibrium. Our
game is finite, thus it admits a NE in mixed strategies. In a two-player game, the
players' strategies $\alpha$ and $\beta$ are a NE if each player's strategy is a best response
to the other player's mixed strategy.

3.1 Best response analysis 

We will first prove a series of lemmata that will help us state and prove our
main Theorem. We first prove that in a NE, the spy's strategy $\alpha$ minimizes his
cost and the defender's strategy $\beta$ maximizes his payoff.

Lemma 1. A spy who plays a best response to a defender strategy $\beta$ has a cost
$\delta = \min[\tilde{\Lambda} \beta]$.

Proof. For a given defender strategy $\beta$ and since $\tilde{\Lambda}$ is positive, the minimum
attacker cost is achieved by putting positive probability only on strategies
corresponding to the minimum entries of the vector $\tilde{\Lambda} \beta$. Thus the spy's optimal
cost is $\delta = \min[\tilde{\Lambda} \beta]$. □



Definition 1 (Defendability). The defendability of a mixed strategy $\beta$ is defined
as

$$\theta(\beta) = \min[\tilde{\Lambda} \beta] - \mu' \beta. \tag{1}$$

It corresponds to the defender's payoff when the attacker plays a best response
to $\beta$.

The defendability is similar to the notion of vulnerability in [8], that is a
measure of how vulnerable a set of links is. An interesting property of the
defendability is that it depends only on the defender's strategy and not on the
spy's selection of $\alpha$. This is due to the aforementioned "almost" zero-sum game.
We will exploit this property in the subsequent analysis.

In Nash equilibrium, each player in the game selects a best response to the
other player's strategies. We show below (Lemma 2) that the defender's best
response to any spy's best response maximizes the defendability.

We proved in Lemma 1 that the best response of the spy against any defender
strategy $\beta$ gives a spy cost $\delta = \min[\tilde{\Lambda} \beta]$. The attacker's optimization problem,
subject to the constraint that he limits the defender to the defendability $\theta(\beta)$,
takes the following form

Primal with constraints:

$$
\begin{aligned}
\underset{\alpha}{\text{minimize}} \quad & \alpha' \tilde{\Lambda} \beta \\
\text{subject to} \quad & \alpha \ge 0, \; 1'_{N+1} \cdot \alpha \ge 1, \\
& \alpha' \tilde{\Lambda} - \mu' \le \theta(\beta) \cdot 1'_{N+2}.
\end{aligned} \tag{2}
$$

The last constraint in the above LP comes from the fact that the defender's
payoff from any pure strategy in the support of the defender's NE strategy is
the same (and equal to the defendability), and at least as good as the payoff from
any pure strategy not in the support of his mixed strategy, when the attacker
is playing his NE strategy. The dual constrained LP is

Dual with constraints:

$$
\begin{aligned}
\underset{y, z}{\text{maximize}} \quad & (-1'_{N+2} \cdot \theta(\beta) - \mu') y + z \\
\text{subject to} \quad & y \ge 0, \; z \ge 0, \\
& z \cdot 1_{N+1} - \tilde{\Lambda} y \le \tilde{\Lambda} \beta.
\end{aligned} \tag{3}
$$

As we show below, the optimal value of the dual LP given by (3) is equal to
$\delta$ if and only if $\beta$ is a maximizer of the function $\theta(\beta)$. If the optimal value
was greater than $\delta$, then the attacker would not play a best response against a
strategy $\beta$, namely we would not be in NE.

Working on the last constraint gives $\tilde{\Lambda}(\beta + y) \ge z \cdot 1_{N+1}$, and since
we seek to maximize a nonnegative $z$ with an upper limit, $z = \min[\tilde{\Lambda}(\beta + y)]$.
We note here that since $\tilde{\Lambda}$ and $(\beta + y)$ are nonnegative matrix and vector
respectively, their multiplication is also a nonnegative vector and the above
optimal value for $z$ is valid. With the above substitution for $z$, we get the
following LP

$$
\begin{aligned}
\text{maximize} \quad & -\|y\| \theta(\beta) - \mu' y + \min[\tilde{\Lambda}(\beta + y)] \\
\text{subject to} \quad & y \ge 0,
\end{aligned} \tag{4}
$$

where we define $\|y\| = \|y\|_1 = \sum_{i=0}^{N+1} |y_i|$.

Lemma 2. In NE, the defender strategy $\beta$ maximizes the defendability $\theta(\beta)$.

Proof. Part I: Suppose that the defender's strategy is $\beta$ such that $\theta(\beta) < \theta(\xi)$,
where $\xi = \arg\max_{\beta} \theta(\beta)$. Let $y = k\xi$, with $k \gg 1$. Then (4) gives

$$
\begin{aligned}
\text{maximize} \quad & -\|k\xi\| \theta(\beta) - \mu' k\xi + \min[\tilde{\Lambda}(\beta + k\xi)] \\
\text{subject to} \quad & k \gg 1.
\end{aligned} \tag{5}
$$

Since $k\xi \gg \beta$, $\|\xi\| = 1$ and $\theta(\xi) = \min[\tilde{\Lambda} \xi] - \mu' \xi$, the argument that needs to be
maximized in (5) becomes $-k\theta(\beta) + k\theta(\xi)$ or $k(\theta(\xi) - \theta(\beta))$. Since $\theta(\xi) > \theta(\beta)$,
this expression can be made arbitrarily large. Therefore, the optimal value of
(4) is infinity. Since the optimal value of the dual problem is unbounded, the
initial primal problem is infeasible [T^]. Therefore, if the defendability of $\beta$ is
not maximal, then $\beta$ is not a NE.

Part II: Suppose that the defender's strategy $\beta \in \arg\max \theta(\beta)$. We show
that the optimal values of the attacker's constrained and unconstrained LP
problem are the same, i.e., $\delta_{const} = \delta$, where $\delta_{const}$ is the optimal value of (2).
Since (2) is a minimization problem over a smaller set (extra constraints),

$$\delta_{const} \ge \delta. \tag{6}$$

With the change of variable $q = \beta + y$, we transform (4) to the following problem

$$
\begin{aligned}
\text{maximize} \quad & -(\|q\| - \|\beta\|) \theta(\beta) - \mu'(q - \beta) + \min[\tilde{\Lambda} q] \\
\text{subject to} \quad & q \ge \beta.
\end{aligned} \tag{7}
$$

We take now a relaxed version of the above problem, where the constraint is
$q \ge 0$ instead of $q \ge \beta$

$$\underset{q \ge 0}{\text{maximize}} \; \{-(\|q\| - \|\beta\|) \theta(\beta) - \mu'(q - \beta) + \min[\tilde{\Lambda} q]\}.$$

Clearly the optimal value $\delta_{relax-const}$ in the above relaxed maximization
problem is greater than or equal to the optimal value $\delta_{const}$ of the original problem
(7), since we maximize the same objective function over a larger set. Thus

$$\delta_{relax-const} \ge \delta_{const}. \tag{8}$$

Since $\|\beta\| = 1$ and $\delta = \theta(\beta) + \mu' \beta$, from the above relaxed problem we get

$$\underset{q \ge 0}{\text{maximize}} \; \{\delta - \|q\| \theta(\beta) + \min[\tilde{\Lambda} q] - \mu' q\}. \tag{9}$$

But $\min[\tilde{\Lambda} q] - \mu' q = \|q\| \cdot \theta(q) \le \|q\| \cdot \theta(\beta)$, since $\beta \in \arg\max \theta(\beta)$. Thus, the
maximization in (9) always gives an optimal value

$$\delta_{relax-const} \le \delta. \tag{10}$$

From (6), (8) and (10) we get $\delta \le \delta_{const} \le \delta_{relax-const} \le \delta$, which yields
$\delta_{const} = \delta$. □

Definition 2 (Tight constraint). An inequality constraint is tight, if it holds as 
an equality; otherwise, it is said to be loose. 

Definition 3 (Polyhedron) . A polyhedron is the solution set of a finite number 
of linear equalities and inequalities. 

Definition 4 (Extreme point). A point x of a polyhedron is said to be extreme 
if there is no x' whose set of tight constraints is a strict superset of the set of 
tight constraints of x. 

Lemma 3. There exists a defender NE strategy $\beta$ amongst the extreme points
of a polyhedron defined by $\tilde{\Lambda} x \ge 1_{N+1}$, $x \ge 0$.

Proof. As we proved in Lemma 2, in NE, the defender maximizes the
defendability, that is, he solves the following "defendability LP"

$$
\begin{aligned}
\underset{\beta, z}{\text{maximize}} \quad & -\mu' \beta + z \\
\text{subject to} \quad & z \cdot 1_{N+1} \le \tilde{\Lambda} \beta \\
& 1'_{N+2} \cdot \beta = 1, \; \beta \ge 0.
\end{aligned} \tag{11}
$$

The solution for $z$ is $z = \min[\tilde{\Lambda} \beta]$ (finite and positive since $\tilde{\Lambda}$ positive). The
objective is a finite quantity reduced by a positive value ($\mu \ge 0$, $\beta \ge 0$), thus
(11) is bounded. Consider a vector $[\beta; z]$ that is both a solution to (11) and
extreme for the inequalities of (11). From the basic theorem of linear
programming such a point must exist. Let $S$ be the set of indices of tight inequalities of
$\tilde{\Lambda} \beta \ge z \cdot 1_{N+1}$, and $P$ be the set of indices of tight inequalities in $\beta \ge 0$.

Defining $x := \beta / z$, the above constraints become $\tilde{\Lambda} x \ge 1$, $x \ge 0$, and $x$
is a feasible point. The same sets $S$ and $P$ specify the tight inequalities and
$x$ is an extreme point of this feasible region. If it is not extreme, then there
exists a point $\tilde{x}$ with corresponding sets of tight inequalities $\tilde{S} \supseteq S$ and $\tilde{P} \supseteq P$,
one of which is a strict superset. Let $\tilde{\beta} = \frac{\tilde{x}}{1'_{N+2} \tilde{x}}$, and $\tilde{z} = \min[\tilde{\Lambda} \tilde{\beta}]$. It can
be easily shown that $\tilde{\beta}$ is a feasible point to the inequalities $\tilde{\Lambda} \beta \ge z 1_{N+1}$, and
$\beta \ge 0$: Indeed, $\tilde{\Lambda} \tilde{\beta} \ge \min[\tilde{\Lambda} \tilde{\beta}] = \tilde{z}$, and since $\tilde{x} \ge 0$, $\tilde{\beta} \ge 0$. It can also be
shown that $\tilde{\beta}$ has tight inequalities in $\tilde{S}$ and $\tilde{P}$. Indeed $\forall j \in \tilde{P}$, $\tilde{\beta}_j = 0$ (thus $\tilde{\beta}$
has tight inequalities in $\tilde{P}$). $\forall i \in \tilde{S}$, $\tilde{x}$ has tight inequalities in $\tilde{S}$, thus
$[\tilde{\Lambda} \tilde{x}]_i = \min[\tilde{\Lambda} \tilde{x}] = 1$. We divide the last equation with $1'_{N+2} \cdot \tilde{x}$ (constant, can get
inside the min) and get $[\tilde{\Lambda} \frac{\tilde{x}}{1'_{N+2} \tilde{x}}]_i = \min[\tilde{\Lambda} \frac{\tilde{x}}{1'_{N+2} \tilde{x}}]$. But $\frac{\tilde{x}}{1'_{N+2} \tilde{x}} = \tilde{\beta}$,
thus $[\tilde{\Lambda} \tilde{\beta}]_i = \min[\tilde{\Lambda} \tilde{\beta}]$, so $\tilde{\beta}$ has tight inequalities in $\tilde{S}$. Thus $[\tilde{\beta}; \tilde{z}]$ has a strict
superset of tight inequalities to $[\beta; z]$; this is a contradiction with our hypothesis
that $[\beta; z]$ was an extreme point. Thus, the defendability is maximized at the
extreme points of the polyhedron $\tilde{\Lambda} x \ge 1_{N+1}$, $x \ge 0$. Given an extreme point
$x$, we compute the distribution $\beta = x / \|x\|$. Thus, a point $x = (x_0, \ldots, x_{N+1})$
corresponds to a defender's strategy $\beta$, after normalizing it. □

Adding the constant parameter $N c_a + \epsilon$ to every element of $\Lambda$ does not
change the structure of the Nash equilibria but renders $\tilde{\Lambda}$ strictly positive. We
thus avoid the problems that arise when the minimum element of the vector is
zero (infinite solution).

3.2 Form of players' strategies in NE 

In this section we show how the NE in mixed strategies for the two players can 
be computed in polynomial time. 

3.2.1 Defender's NE strategy 

As we saw in Lemma 3, the best response strategy of the defender is found by
looking at the extreme points of the polyhedron $\tilde{\Lambda} x \ge 1_{N+1}$, $x \ge 0$. We call the
first type "inequality" constraints and the second type "positivity" constraints.
We have $N + 1$ "inequality" and $N + 2$ "positivity" constraints. Writing down
the "inequality" constraints, we get

$$
\begin{aligned}
c_d \cdot x_0 + (N c_a + \epsilon) \|x\| &\ge 1 \\
c_d \cdot (x_0 + x_1) + [(N - 1) c_a + \epsilon] \|x\| &\ge 1 \\
&\;\;\vdots \\
c_d \cdot (x_0 + x_1 + \ldots + x_N) + \epsilon \|x\| &\ge 1.
\end{aligned}
$$

Our goal is to eliminate nonextreme points that are not selected by a defender
in NE, so that we reduce the number of points we have to check.

Lemma 4. Two points $x_1$ and $x_2$ on the polyhedron, with $\|x_1\| = \|x_2\|$,
correspond to defender NE strategies $\beta_1$ and $\beta_2$ respectively with
$\min[\tilde{\Lambda} \beta_1] = \min[\tilde{\Lambda} \beta_2]$.

Proof. We showed in Lemma 3 that the equation that needs to be solved in NE is
$\tilde{\Lambda} x \ge 1$, with $\|x\| = 1/z = 1/\min[\tilde{\Lambda} \beta]$. Thus, if the norm is preserved, the
optimal attacker cost $\min[\tilde{\Lambda} \beta]$ is also preserved. Hence $\min[\tilde{\Lambda} \beta_1] = \min[\tilde{\Lambda} \beta_2]$. □

Lemma 5. An extreme point x satisfies at least one tight inequality. 



Proof. If none of the inequalities are tight, we scale the vector x down until one 
inequality becomes tight. The new vector's set of tight inequalities is a strict 
superset of those of the original vector, thus the point with no tight inequalities 
is not extreme. □ 

Lemma 6. If $\|x_1\| = \|x_2\|$ and $\mu' x_1 < \mu' x_2$, then $x_1$ corresponds to a
defender strategy $\beta_1$ with a better defendability, i.e., $\theta(\beta_1) > \theta(\beta_2)$.

Proof. Since $\|x_1\| = \|x_2\|$, $\min[\tilde{\Lambda} \beta_1] = \min[\tilde{\Lambda} \beta_2]$ (Lemma 4). Combining the
above result with the definition of the defendability we get

$$\theta(\beta_1) - \theta(\beta_2) = \min[\tilde{\Lambda} \beta_1] - \mu' \beta_1 - (\min[\tilde{\Lambda} \beta_2] - \mu' \beta_2).$$

Since $\mu' x_1 < \mu' x_2$, the point $x_1$ corresponds to a defender strategy $\beta_1$ with a
smaller false alarm cost, $\mu' \beta_1 < \mu' \beta_2$. Hence $\theta(\beta_1) > \theta(\beta_2)$. □

Lemma 7. An extreme point $x$ corresponding to a defender NE strategy $\beta$
satisfies exactly one contiguous set (of indices) of tight inequalities.

Proof. An extreme point satisfies at least one tight inequality (Lemma 5).
Suppose there are two tight inequalities with indices $s$ and $f$, with $f > s$, and that
there is at least one loose inequality (with index $k$) between $s$ and $f$. Since $k$ is
loose, it should be that $x_k > \frac{c_a}{c_d} \|x\| > 0$ (after subtracting the loose inequality
from the previous tight one). We make the following transformation

$$
\tilde{x}_i =
\begin{cases}
x_i & \text{for } i \in \{0, \ldots, k - 1\} \cup \{k + 2, \ldots, N + 1\} \\
x_i - \epsilon_1 & \text{for } i = k \\
x_i + \epsilon_1 & \text{for } i = k + 1,
\end{cases} \tag{12}
$$

where $\epsilon_1 > 0$ is small enough so that $\tilde{x}_k > \frac{c_a}{c_d} \|x\|$.

The transformation preserves the norm ($\|\tilde{x}\| = \|x\|$), but $\mu' x > \mu' \tilde{x}$. The
latter comes from the fact that
$\mu'(x - \tilde{x}) = \mu_k \cdot (x_k - \tilde{x}_k) + \mu_{k+1} \cdot (x_{k+1} - \tilde{x}_{k+1}) = \mu_k \cdot \epsilon_1 + \mu_{k+1} \cdot (-\epsilon_1) = \epsilon_1 \cdot (\mu_k - \mu_{k+1}) > 0$,
since $\mu$ is a strictly decreasing vector
(component-wise). Thus, from Lemma 6, $\tilde{x}$ corresponds to a defender strategy
with a better defendability. If there are more than one loose inequalities, we
can iteratively make the above transformation until the point $\tilde{x}$ has a unique
contiguous block of tight inequalities, in which case $\tilde{x}$ corresponds to a defender
NE strategy (a defender's unilateral change of strategy would not result in a
better defendability). □

Let $s$ and $f$ be the indices of the first and last tight inequalities respectively.

Lemma 8. An extreme point $x$ that corresponds to a defender NE strategy $\beta$
has zeros before $s$ and after $f + 1$, i.e.,

$$x_i = 0, \; \forall i \in \{0, \ldots, s - 1\} \cup \{f + 2, \ldots, N + 1\}.$$

Proof. We first show that $x_i = 0$, $\forall i < s$. If $\exists i \in \{0, \ldots, s - 1\}$, s.t. $x_i > 0$,
we reduce $x_i$ to $\tilde{x}_i$ until either $\tilde{x}_i = 0$ or until the $i$-th (previously loose)
inequality becomes tight, and increase $x_{i+1}$ by the same amount. We maintain
$\|x\|$ constant, but we get one more tight constraint. Thus the original point
is not extreme, as we can find another point whose tight constraints is a strict
superset of those of the original.

We now show that $x_i = 0$, $\forall i > f + 1$. If $\exists i \in \{f + 2, \ldots, N + 1\}$, s.t. $x_i > 0$,
we reduce $x_i$ until $\tilde{x}_i = 0$, and increase $x_{f+1}$ by the same amount. The
previously loose $(f + 1)$-th inequality is made looser, and we keep the norm
constant, but $\tilde{x}$ has one more tight constraint, thus $x$ was not extreme. □

Lemma 9. In any Nash equilibrium, $f = N$.

Proof. Suppose that $f < N$. Subtracting the tight inequality $f$ from the loose
inequality $f + 1$ we get $x_{f+1} > x_m$, where $x_m = \frac{c_a}{c_d} \|x\|$. We make the following
transformation

$$
\tilde{x}_i =
\begin{cases}
x_i & \text{for } i \in \{0, \ldots, f\} \cup \{f + 3, \ldots, N + 1\} \\
x_m & \text{for } i = f + 1 \\
x_{f+1} - x_m & \text{for } i = f + 2.
\end{cases} \tag{13}
$$

With the above transformation we get

$$
\begin{aligned}
\mu'(\tilde{x} - x) &= \mu_{f+1} \cdot (\tilde{x}_{f+1} - x_{f+1}) + \mu_{f+2} \cdot (\tilde{x}_{f+2} - x_{f+2}) \\
&= \mu_{f+1} \cdot (x_m - x_{f+1}) + \mu_{f+2} \cdot (x_{f+1} - x_m - 0) \\
&= (x_{f+1} - x_m) \cdot (\mu_{f+2} - \mu_{f+1}) \\
&< 0,
\end{aligned}
$$

since $x_{f+2} = 0$, $x_{f+1} > x_m$, and $\mu$ is a strictly decreasing vector ($\mu_{f+2} < \mu_{f+1}$).
Hence, for the new point $\tilde{x}$, it holds that $\|\tilde{x}\| = \|x\|$, but $\mu' \tilde{x} < \mu' x$. Thus
from Lemma 6, point $\tilde{x}$ corresponds to a defender NE strategy with a better
defendability. We can continue making the above transformation until $f = N$,
when the defender's payoff cannot be maximized by a unilateral deviation.
Hence, in any Nash Equilibrium, $f = N$. □

Lemma 10. An extreme point $x$ that corresponds to a defender NE strategy $\beta$
cannot have both $x_s > 0$ and $x_{N+1} > 0$.

Proof. In Lemmata 7-9 we proved that an extreme point $x$ that corresponds
to a defender NE strategy satisfies a contiguous block of tight inequalities with
nonzero components between $s$ through $N + 1$. We make the following
transformation

$$
\tilde{x}_i =
\begin{cases}
\gamma \cdot x_i & \forall i \in \{0, \ldots, s - 1\} \cup \{s + 1, \ldots, N\} \\
0 & \text{for } i = s \\
\gamma \cdot (x_s + x_i) & \text{for } i = N + 1,
\end{cases} \tag{14}
$$

with $\gamma = \frac{1}{1 - c_d \cdot x_s}$ or, $\gamma = \frac{1}{\|x\| [(N - s) c_a + \epsilon]}$. The definition of $\gamma$ is such
that the $s$-th inequality is still tight after the transformation, i.e.,

$$\gamma \cdot (c_d \cdot 0 + [(N - s) c_a + \epsilon] \|x\|) = 1.$$

The loose inequalities before $s$ become looser with the scaling with $\gamma$ ($\gamma > 1$),
whereas the previously tight inequalities $s + 1$ through $N$ are still tight. Indeed,
after the above transformation, any previously tight inequality with index
$k \in \{s + 1, \ldots, N\}$ gives

$$
\begin{aligned}
& \gamma \left( c_d \cdot (0 + x_{s+1} + \ldots + x_k) + [(N - s - k) c_a + \epsilon] \|x\| \right) \\
&= \gamma \left( c_d (x_s + x_{s+1} + \ldots + x_k) + [(N - s - k) c_a + \epsilon] \|x\| \right) - \gamma c_d x_s
  && \text{(after subtracting and adding } \gamma \cdot c_d x_s \text{)} \\
&= \gamma - \gamma \cdot c_d x_s
  && \text{(the } (s + 1)\text{-th inequality was tight before)} \\
&= 1
  && \text{(from the definition of } \gamma \text{).}
\end{aligned}
$$

With the above transformation, we get an extra tight constraint ($x_s = 0$), thus
the previous point was not extreme. □

Table 2: Defender's strategy in NE ($\beta_m = c_a / c_d$)

Lemma 11. For an extreme point $x$ that corresponds to a defender NE strategy
$\beta$, we only have two possible combinations

1. $(0, \ldots, 0, x_s = 0, x_{s+1} = \ldots = x_N = x_m, x_{N+1} > 0)$

2. $(0, \ldots, 0, x_s > 0, x_{s+1} = \ldots = x_N = x_m, x_{N+1} = 0)$,

where $x_m = \frac{c_a}{c_d} \|x\|$.

Proof. From Lemma 7, the inequalities $s$ through $N$ are tight. Subtracting any
tight inequality $k$, $k \in \{s + 1, \ldots, N\}$ from the first tight inequality ($s$-th), gives
$x_k = x_m$, with $x_m = \frac{c_a}{c_d} \|x\|$. Also, from Lemma 8, $x_i = 0$, $\forall i \in \{0, \ldots, s - 1\}$.
From Lemma 10 the combination $x_s > 0$ and $x_{N+1} > 0$ is not possible, thus
the only possible forms of extreme points $x$ that correspond to defender NE
strategies are the ones described above. □

We can now state and prove our main Theorem. 

Theorem. In any Nash equilibrium the defender's strategy $\beta$ maximizes the
defendability. A maximizing value of $\beta$ exists amongst one of the two forms
in Table 2 for some $s$. If there is only one maximizing $\beta$ amongst vectors of the
form in Table 2, then the Nash equilibrium is unique.

Proof. The first statement of the Theorem is a direct consequence of Lemma 2.
Combining the results of Lemmata 3 and 11 we can prove the second statement.
In the first type, when $x_s = 0$, the point $x$ corresponds to a defender NE strategy
$\beta$ with $\|\beta\| = 1$, thus $\beta_{N+1} = 1 - (N - s) \cdot \beta_m$ or 0n+i = and equivalently for
the second type, where $x_s > 0$, we have $\beta_s = 1 - (N - s) \cdot \beta_m$, with $\beta_m = c_a / c_d$.
Hence, there exists a Nash equilibrium in which the defender's strategy $\beta$ has
one of the two forms in Table 2. □

In the case that $(N - s) \beta_m = 1$, then both cases give the same NE strategy
$\beta = (0, \ldots, \beta_{s+1} = \ldots = \beta_N = \beta_m, 0)$. Then, $(N - s) c_a = c_d$ and since $s \ge 0$, the
condition that needs to be satisfied is $c_d \le N c_a$.



If the defendability LP (11) produces a unique maximizer $\beta$, then only one
of the above cases will maximize the defendability and therefore the Nash
equilibrium will be unique. In the case that the solution of (11) is not unique, we
could prevent ties between extreme points that vary in $s$ by a small perturbation
to the problem (e.g., by modifying the function $\mu$ such that it produces a unique
maximizer of the defendability).



3.2.2 Attacker's NE strategy 

In mixed-strategies NE, each player is indifferent among the strategies in their 
support. Thus, any pure strategy i with = 1 in the defender's support yields 
the same (maximum) payoff to the defender in NE. 

We have proved that in any Nash equilibrium, the defender is playing with a
mix of strategies $\beta$ that maximizes defendability. If there exists a unique
maximizer $\beta$ of the defendability and $\theta$ is the maximum defendability, the attacker's
NE strategy $\alpha$ is uniquely derived by the following procedure. First construct
a submatrix of $A$ that we call $A_r$, by keeping only the columns that correspond
to the support of the defender's strategy ($s$ through $N$, or $s+1$ through $N+1$,
or $s+1$ through $N$) and rows that correspond to the support of the attacker's
strategy ($s$ through $N$). The defender assigns weight to $\{\beta_s, \ldots, \beta_{N+1}\}$
according to Table 2, where $s$ optimizes the defendability. The attacker assigns
positive weight to $\{\alpha_s, \ldots, \alpha_N\}$ according to the equations

$\alpha' = [0; \alpha_r']$    (15)

$\alpha_r' = (\theta \cdot \mathbf{1}' + \mu_r') \cdot A_r^{-1}$.    (16)

This procedure gives a unique $\alpha$. This $\alpha$ must be a valid probability
distribution (sum to one and have nonnegative elements), for otherwise it would
contradict Nash's existence theorem.

If there are multiple choices of $\beta$ that maximize the defendability (and this
can happen either when both cases in Table 2, or various selections for $s$ in the
same case, give the same maximal defendability), from Nash's existence theorem
(and our analysis), at least one $\beta$ will yield an $\alpha$ with the above procedure
that corresponds to a valid probability distribution.




Figure 1: (Type I) Players' best responses in NE for $N = 7$, $\theta_0 = 0.1$, $c_d = 15$,
$c_a = 1$, $c_{fa} = 23$, $p = 0.2$.



The complexity to find the NE is polynomial: $O(N^2)$ to find the defendability,
$O(N)$ for each case, and $O(N^2 \log N)$ to invert matrix $A_r$. Since we have
proved that $\beta$ has a contiguous set of positive elements, we have reduced all the
other degrees of freedom and we make only $N + 1$ computations for each case to
find the optimal $s$. For the special case that $c_d < N \cdot c_a$, the two forms coincide
and result in the same NE.
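The procedure of this section run end to end, as an added example that is not the authors' code: it enumerates both Table 2 forms for every $s$, keeps the $\beta$ with maximal defendability, and solves Eq. (16) in exact arithmetic. Assumptions not stated in this section: the payoff entries `A[i][j] = cd*[j <= i] - ca*i`, the false-alarm vector `mu[j] = (1-p)/p * cfa * Pr{Z >= j}` with Z ~ Binomial(N, theta0), the hypothetical names `nash` and `solve`, and that the coinciding case is rejected rather than solved.

```python
from fractions import Fraction as F
from math import comb

def solve(M, b):
    """Gauss-Jordan elimination in exact rational arithmetic."""
    n = len(M)
    aug = [list(row) + [v] for row, v in zip(M, b)]
    for c in range(n):
        piv = next((r for r in range(c, n) if aug[r][c] != 0), None)
        if piv is None:
            raise ValueError("A_r is singular for this support")
        aug[c], aug[piv] = aug[piv], aug[c]
        aug[c] = [v / aug[c][c] for v in aug[c]]
        for r in range(n):
            if r != c:
                aug[r] = [x - aug[r][c] * y for x, y in zip(aug[r], aug[c])]
    return [row[n] for row in aug]

def nash(N, theta0, cd, ca, cfa, p):
    """Return (theta, s, form, beta, alpha). ASSUMED model, not from this section:
    A[i][j] = cd*[j <= i] - ca*i and mu[j] = (1-p)/p * cfa * Pr{Z >= j}."""
    if cd <= N * ca:
        raise ValueError("coinciding forms (cd <= N*ca) are not handled")
    theta0, p = F(theta0), F(p)
    pmf = [comb(N, k) * theta0**k * (1 - theta0)**(N - k) for k in range(N + 1)]
    mu = [(1 - p) / p * cfa * sum(pmf[j:]) for j in range(N + 2)]
    A = [[F(cd * (j <= i) - ca * i) for j in range(N + 2)] for i in range(N + 1)]
    bm, best = F(ca) / F(cd), None
    for s in range(N + 1):                      # N + 1 candidates per form
        for form in ("I", "II"):
            beta = [F(0)] * (N + 2)
            beta[s + 1:N + 1] = [bm] * (N - s)  # equal middle weights beta_m
            beta[N + 1 if form == "I" else s] = 1 - (N - s) * bm
            theta = min(sum(a * b for a, b in zip(row, beta)) for row in A) \
                - sum(m * b for m, b in zip(mu, beta))
            if best is None or theta > best[0]:
                best = (theta, s, form, beta)
    theta, s, form, beta = best
    cols = range(s + 1, N + 2) if form == "I" else range(s, N + 1)
    # Eq. (16): alpha_r' A_r = theta*1' + mu_r', i.e. solve A_r^T alpha_r = rhs.
    At = [[A[i][j] for i in range(s, N + 1)] for j in cols]
    alpha = [F(0)] * s + solve(At, [theta + mu[j] for j in cols])  # Eq. (15)
    if sum(alpha) != 1 or min(alpha) < 0:
        raise ValueError("maximizer is not unique; try another candidate")
    return theta, s, form, beta, alpha
```

With the Figure 1 parameters, `nash(7, F(1, 10), 15, 1, 23, F(1, 5))` selects form I with $s = 1$, and the attacker weights above $s$ are the spammer's binomial probabilities multiplied by one constant.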



4 Numerical Results/Simulations 

We conducted various experiments for different sets of parameters $N$, $c_a$, $c_d$, $c_{fa}$,
and $p$, assuming that the spammer attacks with Bernoulli distribution with
parameter $\theta_0$. We followed the procedure described above to calculate the
strategies of both players at equilibrium. To validate our theoretical results, we used
Gambit software [13].

Fig. 1 illustrates the first possible type for $N = 7$. As we can see, all the
middle points are given the same weight $\beta_m = c_a/c_d \approx 0.0667$, $\beta_s = 0$ and
$\beta_{N+1} > \beta_m$. There exists a Nash equilibrium that matches the first row of
Table 2 with $s = 1$.

Fig. 2 represents the second type of Nash equilibrium strategies for $N = 7$.
As we can see, all the middle points are given the same weight $\beta_m = c_a/c_d = 0.1$,
but here $\beta_s > \beta_m$ ($s = 0$) and $\beta_{N+1} = 0$. Note that as $p$ increases, larger weight
is given to the smallest threshold, in order to detect the most-probable-to-exist
spy.

In both figures we observe that the defender gives positive weight on larger
thresholds and is not focused on a range around $N\theta_0$. Every pure strategy
(threshold) in the support of the defender's NE strategy must give the defender
the same payoff. The attacker's NE strategy $\alpha$ is such that he makes the
defender's NE payoff for high thresholds the same as for lower ones. This is
why the defender gives positive weight to higher thresholds, even when the
probability that the spy will attack more than the threshold value is low.

Figure 3: Type I-II: Defender is uniform when $c_d < N \cdot c_a$. Other parameters
are $N = 7$, $\theta_0 = 0.1$, $c_a = 1$, $c_{fa} = 10$, $p = 0.8$, $c_d = 7$.

Fig. 3 depicts the NE in which both forms coincide, i.e., when $c_d < N \cdot c_a$.
As we can see, the defender NE strategy is uniform and he never classifies the
attacker always as spy or always as spammer.

Our simulation results indicated a match between the spy and spammer. 
In NE, all threshold strategies in the support of the defender give the same 
payoff. When the defender selects a slightly larger threshold in his support, 
the decrease in the false alarm cost matches the increase in the misdetection 
cost, i.e., Pr{7J = T} = ^f^Pr{Z = T}. Hence, the spy's NE strategy is a 
scaled version of the spammer's distribution. For the spammer strategies that 
are outside the spy's support in NE, the spy gives zero weight. The spy's NE 
strategy is a truncated version of the spammer's distribution, as Fig. 4 shows.
When either of $p$ or $c_d$ or $c_{fa}$ is large enough, the spy could also put some weight
on the "always attack" strategy — and so that part of his strategy doesn't look 
like a truncated spammer distribution. 

Figure 4: Spy's NE strategy is a truncated version of spammer's distribution.
Parameters: $N = 50$, $\theta_0 = 0.4$, $c_d = c_{fa} = 142$, $c_a = 1$, $p = 0.3$.

5 Conclusion 

We investigated a classification game, where a network administrator (defender) 
seeks to classify an attacker as a strategic spy or a naive spammer. We showed 
that by taking advantage of the structure of the payoff formulation, we can 
characterize and anticipate the structure of the best response strategies of the 
two players in polynomial time. Our experimental results coincide with the 
theoretically expected ones: The structure of the cost matrix of the spy leads to 
only two forms of defender's strategies in NE. There is a relationship between the
spammer's distribution and the spy's NE strategy. Furthermore, the defender 
NE strategy includes a contiguous set of thresholds that always include large 
values. If the parameters of the game satisfy a certain condition, the defender 
is uniformly randomizing among a set of thresholds. 